User authentication method in network

ABSTRACT

When a network connection request is sent from a user's personal computer ( 2 ) to a server ( 1 ) on the Internet ( 5 ), the server ( 1 ) sends an authentication confirmation number generated by a random number generating unit ( 13 ) to the personal computer ( 2 ) of the connection requester. The connection requester connects a portable telephone ( 3 ) to a modem ( 4 ) and enters the authentication confirmation number displayed on the personal computer ( 2 ) through operation of keys of the portable telephone ( 3 ). An authentication unit ( 16 ) authenticates the connection request of the connection requester to set up connection to the network if the telephone number of the portable telephone ( 3 ) stored in a user information storage unit ( 12 ) agrees with the telephone number sent to the modem ( 4 ) and if the authentication confirmation number entered through the portable telephone ( 3 ) is correct.

TECHNICAL FIELD

The present invention relates to a method for identifying and authenticating a user of a terminal when the terminal is connected to a network such as the Internet or an intranet.

BACKGROUND ART

When making a connection to the Internet, there is employed the following method (referred to as “a password method”) in which a user contracts with the Internet service provider (referred to as a “provider,” hereinafter) and determines a user number and a password in advance, and at the time of connecting, the user inputs the user number and the password. Thereby the provider identifies the user and authorizes connection to the Internet.

In a service of transferring money such as a bank transfer on the Internet, a method of identifying a user by the use of a random numbers table (referred to as “a random numbers table method”) is performed. In this method, a user number and a password are determined between a user and a service providing institution such as a bank, and a random numbers table is given to the user by the service providing institution. When the user inputs the user number and password at the time of using the service, the user is requested to input a number in a box in the random numbers table by the service providing institution. When it is confirmed that the number input by the user agrees with the number in the random numbers table, the user can be provided with the service.

Furthermore, in connection to an intra-company LAN via the Internet, or connection to an intra-company LAN by a dial-up remote access such as ISDN etc. via a public line, an authentication method referred to as a one-time password method is employed. The user, who was given a password generating device from the service provider, inputs a user number and a password displayed on the password generating device. When the password input by the user agrees with the password in the server at the side of the service provider, the connection is authorized.

In the password method, the password determined between the service provider and the user is fixed and used many times. Therefore, if the user number and the password are known to the third person, there may be a problem of wrongdoing called “pretending” in which the third person pretends to be the user in person and makes a connection to the Internet illegally by using the user number and the password and receives various services.

In the random numbers table method or the one-time password method, although the security is higher than in the password method, a user always has to carry the random numbers table or password generating device, and therefore such methods are troublesome for the user.

DISCLOSURE OF THE INVENTION

It is an object of the present invention to provide a network system capable of authenticating a user easily and securely without requesting the user to use a special device or to do a complicated operation.

In order to achieve the above-mentioned object, a method for authenticating a user, by which a server device of a service provider authenticates a service user on a network, includes a confirmation information issuing step including receiving an authentication request from a first communication device of the service user, and then generating confirmation information to be replied to the first communication device; and an authentication step of judging whether or not the confirmation information replied to the first communication device agrees with the confirmation information sent from the service user by a second communication device using a communication path that is different from a communication path of the first communication device.

As the first communication device, a computer, etc. connected to the server device via the Internet can be used, and as the second communication device, a telephone, etc. can be used. Thus, without requiring the user to use a special device or to do a complicated operation, it is possible to provide a network system with a high security level, which can authenticate a user easily and reliably.

It is preferable that the method for authenticating a user further includes steps of obtaining first authentication requester information about a service user who makes the authentication request based on the information contained in the authentication request received from the first communication device; and obtaining second authentication requester information about the service user when receiving confirmation information from the second communication device and judging whether or not the first authentication requester information agrees with the second authentication requester information. According to this method, in addition to the check of the confirmation information, since the check of the first and the second authentication requester information is carried out, the security level can be improved further.

In the above-mentioned method for authenticating a user, it is preferable that the first communication device is a computer connected to the server device of the service provider via the Internet, the second communication device is a telephone, the first authentication requester information is a telephone number registered in advance in the server device by each service user, and the second authentication requester information is a telephone number of the second communication device, and the telephone number is obtained from a calling telephone number notification service provided by a telephone network.

In the above-mentioned method for authenticating a user, it is preferable that the first communication device is a computer connected to the server device of the service provider via the Internet, the second communication device is a telephone, the first authentication requester information is a user's name registered in advance in the server device by each service user, and the second authentication requester information is a user's name of the second communication device registered in a telephone company.

In the above-mentioned method for authenticating a user, it is preferable that the second authentication requester information is obtained by performing an inquiry to the user management device of the telephone company providing the second communication device based on the telephone number of the second communication device obtained by the calling telephone number notification service provided by the telephone network.

In the above-mentioned method for authenticating a user, it is preferable that when it is judged that the first authentication requester information agrees with the second authentication requester information, a toll of the service used by the service user is collected from the service user's bank account from which telephone charges are drawn.

In the above-mentioned method for authenticating a user, it is preferable that the server device of the service provider sends the confirmation information replied in the confirmation information issuing step to the user management device of the telephone company and allows the user management device of the telephone company to execute the authentication step.

In the above-mentioned method for authenticating a user, it is preferable that the first communication device is a computer connected to the server device of the service provider via the Internet, and the second communication device is a telephone, the method further includes, in the authentication step after it is judged that the confirmation information replied to the first communication device agrees with the confirmation information sent from the service user by the second communication device, a step of receiving credit card information of the service user from the second communication device and charging the service user based on the received credit card information.

In the above-mentioned method for authenticating a user, it is preferable that the server device of the service provider sends the confirmation information replied in the confirmation information issuing step to the server device of a credit card company, and allows the server device of the credit card company to execute the authentication step.

It is preferable that the above-mentioned method for authenticating a user further includes steps of obtaining a telephone number of the second communication device from the calling telephone number notification service provided by the telephone network; obtaining a user's name of the second communication device from the user management device of the telephone company based on the obtained telephone number, and judging whether or not the user's name of the credit card obtained from the user management device of the credit card company agrees with the user's name of the second communication device obtained by the user management device of the telephone company.

In the above-mentioned method for authenticating a user, it is preferable that characters or numbers generated randomly or the combination thereof are used as the confirmation information.

Furthermore, in order to achieve the above-mentioned object, the authentication device of the present invention includes an external connection unit for receiving an authentication request from a first communication device of a service user, a confirmation information generating unit for generating confirmation information to be replied to the first communication device, a confirmation information storage unit for storing the confirmation information replied to the first communication device, a confirmation information receiving unit for receiving the confirmation information sent by the service user from the second communication device using a communication path that is different from a communication path of the first communication device, and an authentication unit for judging whether or not the confirmation information received by the confirmation information receiving unit agrees with the confirmation information stored in the confirmation information storage unit.

It is preferable that the authentication device further includes a first authentication requester information obtaining unit for obtaining first authentication requester information about a service user who makes the authentication request based on the information contained in the authentication request received from the first communication device; and a second authentication requester information obtaining unit for obtaining the second authentication requester information about the service user when receiving the confirmation information from the second communication device, wherein the authentication unit also judges whether or not the first authentication requester information agrees with the second authentication requester information.

In the above-mentioned authentication device, it is preferable that the first communication device is a computer connected to the server device of the service provider via the Internet, and the second communication device is a telephone; the user authentication device further includes a first authentication requester information registering unit for storing a telephone number of the telephone used by each service user as the second communication device as the first authentication requester information; and the second authentication requester information is a telephone number of the second communication device, and the second authentication requester information obtaining unit obtains the second authentication requester information from a calling telephone number notification service provided by a telephone network.

In the above-mentioned authentication device, it is preferable that the first communication device is a computer connected to the server device of the service provider via the Internet, and the second communication device is a telephone; the user authentication device further includes a first authentication requester information registering unit for storing a name of each service user as the first authentication requester information, the second authentication requester information is the name of the user of the second communication device registered in the telephone company, and the second authentication requester information obtaining unit obtains the user's name from the user management device of the telephone company.

In the above-mentioned authentication device, it is preferable that the second authentication requester information obtaining unit obtains a telephone number of the second communication device from the calling telephone number notification service provided by the telephone network and performs inquiry to the user management device of the telephone company based on the obtained telephone number, thereby obtaining the second authentication requester information.

In the above-mentioned authentication device, it is preferable that the first communication device is a computer connected to the server device of the service provider via the Internet and the second communication device is a telephone; and the user authentication device further includes a credit information receiving unit for receiving credit card information of the service user from the second communication device, and a billing unit for charging the service user based on the credit card information received by the credit information receiving unit after it is judged in the authentication step that the confirmation information replied to the first communication device agrees with the confirmation information sent from the service user by the second communication device.

It is preferable that the above-mentioned authentication device further includes a telephone number obtaining unit for obtaining a telephone number of the second communication device from the calling telephone number notification service provided by the telephone network; and a user's name obtaining unit for obtaining the name of the user of the second communication device from the user management device of the telephone company based on the obtained telephone number, wherein the authentication unit judges whether or not the user's name of the credit card obtained from the user management device of the credit card company agrees with the user's name of the second communication device obtained from the user management device of the telephone company.

In the above-mentioned authentication device, it is preferable that characters or numbers generated randomly or the combination thereof are used as the confirmation information.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing a schematic configuration of a network system according to a first embodiment.

FIG. 2 is a flow chart showing a procedure in which a user receives an authentication for access from a home personal computer to a server in the network system according to the first embodiment.

FIG. 3 shows an example of an input screen displayed on a user's personal computer in the network system according to the first embodiment.

FIG. 4 shows an example of a display screen of the user's personal computer on which a confirmation number sent by a server is displayed according to the first embodiment.

FIG. 5 is a block diagram showing a schematic configuration of an on-line shopping system according to a second embodiment.

FIG. 6 is a merchandise list provided from a shopping site to a user's terminal device in the on-line shopping system according to the second embodiment.

FIG. 7 is a screen for purchasing merchandise provided from the shopping site to the user's terminal device.

FIG. 8 is a screen for confirming the purchasing merchandise provided from the shopping site to the user's terminal device.

FIG. 9 is an ordering screen provided from the shopping site to the user's terminal device.

FIG. 10 is a screen for a final confirmation provided from the shopping site to the user's terminal device.

FIG. 11 is a block diagram showing a schematic configuration of an on-line shopping system according to a third embodiment.

BEST MODE OF CARRYING OUT THE INVENTION

First Embodiment

Hereinafter, one embodiment of the present invention will be explained with reference to the drawings.

Herein, a SOHO (small office home office) user who works at home by connecting a home personal computer to a server of a company via a public line such as ISDN, etc. will be explained as an example. That is, in this example, the company is a service provider and the SOHO user is a service user.

FIG. 1 is a block diagram showing a schematic configuration of a network system according to this embodiment. In FIG. 1, reference numeral 1 denotes a server of a LAN in an office of the company; 2 denotes a personal computer (first communication device) used by a user at home, etc.; 3 denotes a portable telephone (second communication device) of a user; and 4 denotes a modem for the server 1. The user accesses the server 1 of the office from the personal computer 2 via the Internet 5. Note here that a telephone network between the portable telephone 3 and the modem 4 is omitted in this drawing. Furthermore, the LAN, etc. to which the server 1 is connected also is omitted in the drawing.

In order to make a connection to the system of the office, the user registers in advance a user number and password uniquely provided to each user, and a telephone number (herein, a telephone number of the portable telephone 3) for performing an authentication confirmation procedure in a user information storage unit 12 of the server 1 of the office.

Hereinafter, the procedure in which the user receives an authentication of access to the server 1 of the office from the home personal computer 2 will be explained with reference to a flowchart shown in FIG. 2.

A user starts up the home personal computer 2 and accesses the server 1 provided in the office via the Internet 5 (step U1). When a connection between the user's personal computer 2 and the server 1 is established, a request to input “user number” and “password” is sent from the server 1 to the user's personal computer 2 (step S1).

At this time, as shown in FIG. 3, an input screen is displayed on a display of the personal computer 2, and the user inputs a user number (“ARK00750” in an example of FIG. 3) and a password in accordance with the request to input (step U2). Note here that the input password is displayed by asterisks, but herein it is assumed that “ADLN01” is input as a password. Then, when the user clicks a sending button displayed on the input screen, the user number and the password input by the user are sent from the personal computer 2 to the server 1.

In the server 1, an external connection unit 11 receives the user number and the password sent from the personal computer 2. Then, an authentication unit 16 inquires whether or not the user number and the password received by the external connection unit 11 agree with the user number and the password registered in a user information storage unit 12 in advance (step S2).

If it can be confirmed that the sent user number and password agree with the user number and password registered in advance, the authentication unit 16 allows a random number generating unit 13 (confirmation information generating unit) to generate random numbers and the random numbers are sent as a confirmation number (confirmation information) to the user's personal computer 2 (step S3). For example, the random number generated by the random number generating unit 13 is “4756,” and the confirmation number “4756” is sent to the user's personal computer 2.

Herein, the authentication unit 16 stores the user number “ARK00750” and password “ADLN01” received in the step S2, the confirmation number “4756” issued in the step S3, and the telephone number “090xxxxyyyy” for confirming the user's authentication number in a confirmation number storage unit 14 (confirmation information storage unit) as confirmation number issuing information (step S4). Note here that the telephone number for confirming the authentication number was registered in advance in the user information storage unit 12 by the user, and it is obtained from the user information storage unit 12 by the authentication unit 16 and stored in the confirmation number storage unit 14.

That is, in this embodiment, the telephone number of the portable telephone 3 is used as first authentication requester information and the user information storage unit 12 plays a role of the first authentication requester information registering unit. Furthermore, as mentioned below, a telephone number obtained from a calling telephone number notification service is used as second authentication requester information; and the authentication unit 16 functions as a first authentication requester information obtaining unit.

When the user's personal computer 2 receives the confirmation number “4756” from the server 1, it displays the confirmation number “4756” on the screen as shown in FIG. 4 (step U3). The user telephones a telephone number designated in advance in order to access the confirmation number receiving unit 15 of the server 1 by using the portable telephone 3 (telephone number: 090xxxxyyyy) (step U4).

When the confirmation number receiving unit 15 of the server 1 responds to the telephone from the user, it obtains the telephone number of the caller's portable telephone 3 from the calling telephone number notification service provided by a telephone network (not shown) so as to be stored (step S5). That is, in this embodiment, the confirmation number receiving unit 15 functions as the second authentication requester information obtaining unit. Furthermore, the confirmation number receiving unit 15 sends a voice message such as “input the confirmation number replied from the server” to the portable telephone 3 (step S6).

Herein, the user inputs the confirmation number sent from the server 1 to the personal computer 2 as mentioned above by pushing key buttons “4,” “7,” “5,” and “6” by using the keys of the portable telephone 3 (step U5).

When the confirmation number receiving unit 15 receives the confirmation number “4756” from the portable telephone 3, it sends the received confirmation number and the telephone number “090xxxxyyyy” of the portable telephone 3 obtained in the step S5 to the authentication unit 16 as the user information. Then, the authentication unit 16 compares the user information sent from the confirmation number receiving unit 15 with the confirmation number issuing information stored in the confirmation number storage unit 14 (step S7).

When the authentication unit 16 confirms that the user information (telephone number “090xxxxyyyy” and confirmation number “4756”) obtained from the confirmation number receiving unit 15 agrees with the telephone number and the confirmation number stored in the confirmation number storage unit 14, respectively, it authenticates that the connection request via the user number (ARK00750) and the password (ADLN01) is sent from the user in person and authorizes the connection from the personal computer 2 to the server 1 (step S8). Thereafter, the user can use resources on the LAN in the office via the server 1.
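The server side of steps S1 to S8 above, written as an added Python example; it is not code from the patent. The class layout, the in-memory storage, the constructed telephone number, and the lifetime and attempt limit placed on a confirmation number are assumptions, since the patent specifies none of them.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

# Policy values assumed for this example; the patent fixes neither a lifetime
# for a confirmation number nor a limit on wrong entries over the telephone.
CONFIRMATION_TTL_SECONDS = 120
MAX_ATTEMPTS = 3


def _normalise_phone(number: str) -> str:
    """Digits only, so "090-1234-5678" and "09012345678" compare equal."""
    return "".join(ch for ch in number if ch.isdigit())


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class PendingConfirmation:
    """One record of confirmation number issuing information (step S4)."""
    user_number: str
    phone_number: str
    confirmation_number: str
    issued_at: float
    attempts: int = 0


@dataclass
class AuthServer:
    """Server 1 of the first embodiment, units 11 to 16 collapsed into one class."""
    # user information storage unit 12: user number -> (salt, password hash, phone)
    users: Dict[str, Tuple[bytes, bytes, str]] = field(default_factory=dict)
    # confirmation number storage unit 14, keyed by the registered telephone number
    pending: Dict[str, PendingConfirmation] = field(default_factory=dict)
    # random number generating unit 13 and a clock; injectable for deterministic tests
    rng: Callable[[int], int] = secrets.randbelow
    clock: Callable[[], float] = time.time

    def register(self, user_number: str, password: str, phone_number: str) -> None:
        """Advance registration of user number, password and confirmation telephone."""
        salt = secrets.token_bytes(16)
        self.users[user_number] = (salt, _hash_password(password, salt),
                                   _normalise_phone(phone_number))

    def request_connection(self, user_number: str, password: str) -> Optional[str]:
        """Steps S1-S4 over the Internet channel: verify user number and password,
        then issue the confirmation number shown on the PC. Returns None on failure."""
        record = self.users.get(user_number)
        if record is None:
            return None
        salt, stored_hash, phone = record
        if not hmac.compare_digest(stored_hash, _hash_password(password, salt)):
            return None
        code = f"{self.rng(10_000):04d}"  # four digits such as "4756"
        self.pending[phone] = PendingConfirmation(user_number, phone, code, self.clock())
        return code

    def receive_call(self, caller_id: Optional[str], keyed_digits: str) -> Optional[str]:
        """Steps S5-S8 over the telephone channel: the caller's number comes from the
        calling number notification service, the digits from the handset keys.
        Both must agree with the stored record. Returns the user number, or None."""
        if not caller_id:  # number withheld or unavailable: no second-channel identity
            return None
        entry = self.pending.get(_normalise_phone(caller_id))
        if entry is None:  # no confirmation number was issued for this telephone
            return None
        if self.clock() - entry.issued_at > CONFIRMATION_TTL_SECONDS:
            del self.pending[entry.phone_number]
            return None
        entry.attempts += 1
        if not hmac.compare_digest(entry.confirmation_number.encode(),
                                   keyed_digits.strip().encode()):
            if entry.attempts >= MAX_ATTEMPTS:
                del self.pending[entry.phone_number]
            return None
        del self.pending[entry.phone_number]  # a confirmation number is used once
        return entry.user_number


if __name__ == "__main__":
    server = AuthServer()
    server.register("ARK00750", "ADLN01", "090-1234-5678")  # constructed telephone number
    code = server.request_connection("ARK00750", "ADLN01")   # step S3: shown on PC 2
    print("confirmation number on screen:", code)
    print("caller 090-1234-5678 keys it in:", server.receive_call("090-1234-5678", code))
```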

In the above explanation, the example of the connection authentication in the case of accessing the server of the office from the personal computer was explained. However, the present invention is not limited to this embodiment, and the same effect can be achieved in applying this embodiment to a banking operation on the Internet.

Furthermore, in the above mention, the case where a personal computer is employed as the first communication device used by a user and a portable telephone is employed as the second communication device is shown as an example, but the combination of the first and the second communication devices is not limited to this, and any combinations of communication devices can be applied as long as the communication device connects a user to a server via a communication path.

Furthermore, in the case where a user can use a plurality of channels that are physically in one line, like, for example, ISDN or xDSL, it is possible to make a connection request from a first communication device (for example, a personal computer) to a server via any one of the channels and from a second communication device (for example, a telephone line) to a server via another channel.

Furthermore, in this embodiment, the confirmation number generated by the random number generating unit was used. However, besides this, a character string generated randomly or a combination of characters and numbers, and the like, can be used.

As mentioned above, according to this embodiment, the user need not carry a password generating device, etc. Furthermore, since the user exchanges information necessary to the connection authentication such as a password via a communication method that is not connected to the Internet, it is possible to prevent wrongdoing such as “pretending,” etc. easily.

Furthermore, according to this embodiment, as the second authentication requester information, the user's telephone number is used and this telephone number is obtained from a calling telephone number notification service, making it difficult for the third person to pretend to be the user in person. Thus, it is possible to prevent the wrongdoing reliably.

Second Embodiment

Hereinafter, the second embodiment of the present invention will be explained.

FIG. 5 is a block diagram showing a schematic view of an on-line shopping system according to this embodiment.

A service user accesses a homepage of a service provider running a shopping site from a terminal device 22 via the Internet 5. This homepage is provided by a server 21 of the service provider. Note here that a service user registers in advance user information such as name, address and E-mail address, etc. in a user information storage unit 212 (first authentication requester information registering unit) of the server 21.

The user browses the shopping site to look for merchandise. FIG. 6 is an example of a screen (screen of a merchandise list) of the shopping site displayed on the user's terminal device 22. This screen of a merchandise list and each of the below-mentioned screens are provided by a screen providing unit 213 of the server 21 to the terminal device 22 in, for example, HTML or XML, etc. in accordance with a click operation, etc. by a user.

In the case where the user intends to purchase, for example, “low calorie Japanese sweets, strained bean jam (8 pieces),” the user clicks a letter part of “low calorie Japanese sweets, strained bean jam (8 pieces)” on the display screen. Thus, the screen is changed into a screen for purchasing merchandise of “low calorie Japanese sweets, strained bean jam (8 pieces)” in FIG. 7. In this screen, the user inputs the purchasing number of “low calorie Japanese sweets, strained bean jam (8 pieces).” In an example shown in FIG. 7, “1” is input by the user in a number inputting box. After inputting the purchasing number of merchandise, the user clicks a letter part of “put in a shopping cart.”

Furthermore, in the case where other merchandise is purchased, by clicking the letter part of “merchandise list” on the screen in FIG. 7, the screen returns to the screen of the merchandise list shown in FIG. 6. Herein, the user clicks, for example, a letter part of “socks B” and then the screen is shifted into the screen for purchasing merchandise of “socks B” similar to that mentioned above. Then, the user sets the purchasing number and clicks the letter part “put in a shopping cart.”

When the user clicks “shopping cart” on the lower part of the screen for purchasing merchandise in FIG. 7, the screen is shifted to a screen for confirming the purchasing merchandise. In this screen, the user confirms that the merchandise put in the shopping cart is certainly one box of “low calorie Japanese sweets, strained bean jam (8 pieces)” and two pairs of “socks B,” and in the case of ordering these items, the user clicks the letter “To ordering screen” in the lower part of the screen for confirming the purchasing merchandise. Thus, the display screen of the terminal device 22 is shifted to the ordering screen shown in FIG. 9. Note here that price, etc. shown in FIG. 8 or 9 is calculated by a billing unit 218 of the server 21.

As shown in FIG. 9, in the upper part of the ordering screen, the purchasing merchandise information is displayed, and in the lower part of the screen, the letter “Please telephone the number below for confirmation of order and input your ID number for confirmation” and the telephone number and the ID number for confirmation are displayed. This ID number for confirmation is determined by allowing a random number generating part 216 to generate random numbers and is sent to the user's terminal device 22 together with the telephone number for confirming the ID number. Furthermore, the ID number for confirmation is stored in an authentication information storage part 214 in the server 21 together with the name of the user who sends the ID number for confirmation (first authentication requester information), or together with information (for example, E-mail address, user's ID etc. used for accessing the shopping site) that can be used as a retrieving key for identifying a user's name from the data stored in the user information storage unit 212. Note here that the telephone number for confirming the ID number is a telephone number of a modem 24 connected to the server 21.

The user telephones the number displayed on the ordering screen by using the portable telephone 23. When the server 21 receives a telephone call from the portable telephone 23 by the modem 24, it obtains and stores the telephone number of the portable telephone 23 from a calling telephone number notification service provided by a telephone network (not shown). When the telephone is connected to the server 21, the user inputs the ID number for confirmation displayed on the screen of the terminal device 22 from the keys of the portable telephone 23.

Note here that as shown in FIG. 5, the server 21 of the service provider is connected also to a server 26 (user management device) of a telephone company via a private line 27. Note here that the private line 27 is used only for the communication between the server 21 and the server 26 and no one can access the server 26 from, for example, the terminal device 22, etc. via the server 21. The authentication unit 217 of the server 21 accesses the server 26 via this private line 27 and obtains the “user's name” (second authentication requester information) and “address” of the portable telephone as the user information of the portable telephone 23.

Furthermore, the server 21 identifies the user corresponding to the ID number for confirmation by referring to the authentication information storage part 214 (if necessary, the user information storage unit 212) based on the ID number for confirmation sent from the portable telephone 23, and if the “user's name” which the user has registered in the user information storage unit 212 agrees with the “user's name” of the portable telephone 23 that the authentication unit 217 obtains from the server 26 of the telephone company, the server 21 displays a final confirmation screen as shown in FIG. 10 on the user's terminal device 22. Herein, the user information sent from the server 21 of the service provider to the terminal device 22 is only the user's family name. Thus, as shown in FIG. 10, since the user's name is displayed as an addressee's name on the left upper part of the final confirmation screen, the user can confirm that the user in person is recognized as a purchaser correctly. Furthermore, by sending only the family name from the server 21 to the terminal device 22, it is possible to minimize the individual information appearing on the Internet, thus enabling the security to be improved.

The user confirms the display “We charge you for merchandise together with telephone charge for sending confirmation ID.” on this final confirmation screen and clicks an “OK” button. Thus, the order of merchandise placed from the terminal device 22 to the server 21 is established.

When the server 21 of the service provider receives the confirmed order of merchandise, it requests a distribution system (not shown in the drawing) to ship the ordered merchandise. Furthermore, the billing unit 218 of the server 21 sends information such as the purchase price of the merchandise to the server 26 of the telephone company via the private line 27, so that the telephone company can draw the purchase price of the merchandise from the bank account that the user has registered as the payment account for the telephone charge. The telephone company draws the price of the merchandise purchased on the shopping site of the server 21, together with the toll of the portable telephone, from the user's bank account for the portable telephone 23.

In this embodiment, the case where merchandise is purchased at one shopping site was explained. However, when merchandise is purchased at a plurality of shopping sites, the intention to purchase may be confirmed at each shopping site by issuing an ID for confirmation at each shopping site.

Furthermore, in the above-mentioned example, the user sends the ID number for confirmation, which was sent from the server 21, back to the server 21 by using the portable telephone 23. However, besides this example, a user may be authenticated by the following method. That is, as the telephone number for confirming the ID number, which is sent to the user's terminal device 22 together with the ID number for confirmation, the server 21 uses the telephone number of the modem of the server 26 of the telephone company instead of that of the server 21 of the shopping site. Furthermore, the server 21 sends the ID number for confirmation determined by the random number generating unit 216 to the user and also, together with the user's name, to the server 26 of the telephone company. The user then sends the ID number for confirmation received from the server 21 to the server 26 of the telephone company via the portable telephone 23. Then, based on the received telephone number of the portable telephone 23, the server 26 of the telephone company checks the name registered as the user of the portable telephone 23 against the user's name sent from the server 21 together with the confirmation ID number, thereby confirming whether or not the user is the real person. Note here that when the user is authenticated by this method, a configuration corresponding to the authentication information storage unit 214 and the authentication unit 217 of the server 21 is necessary on the side of the server 26.

As mentioned above, according to the on-line shopping system of this embodiment, since the user need not input a credit card number or personal identification code, the user can make a payment by an easy procedure. Furthermore, since the credit card number or identification code does not appear on the Internet, these secret data are not disclosed to a third person, thus enabling high safety to be secured.

Note here that this embodiment employs a configuration in which the server 21 is connected to the server 26 via the private line 27. However, since the data exchanged between the server 21 and the server 26 include the user's telephone number of the portable telephone and the name and address of the user of that telephone number, their degree of secrecy may be considered lower than that of data such as a credit card number or its identification code, which may cause monetary damage if they become known to a malicious third person. In such a case, it is not necessary to use a private line; for example, the server 21 may be connected to the server 26 via a public line, with the data exchanged in an encrypted state.

Third Embodiment

FIG. 11 is a block diagram showing a configuration of an on-line shopping system according to a third embodiment of the present invention. In FIG. 11, reference numeral 31 denotes a server of a service provider of a shopping site; 32 denotes a terminal device of a service user; 33 denotes a portable telephone; 34 denotes a modem of the server 31; and 35 denotes the Internet. The on-line shopping system according to this embodiment differs from the on-line shopping system according to the second embodiment in that the server 31 of the shopping site is connected to a server 36 of a credit card issuing company.

The service user accesses the shopping site of the server 31 from the terminal device 32 via the Internet 35. Note here that the service user registers in advance user information such as a name, address and E-mail address in the user information storage unit 312 of the server 31.

The user browses the shopping site to look for merchandise. That is, as in the second embodiment, the user selects merchandise to purchase from the merchandise displayed on the merchandise list screen as shown in FIG. 6 and puts it into a shopping cart.

After selecting the merchandise, the user clicks “shopping cart” in the lower part of the screen for purchasing merchandise as shown in FIG. 7, and the display shifts to a screen for confirming the purchased merchandise as shown in FIG. 8. Herein, the user confirms the merchandise put in the shopping cart and, when ordering this merchandise, clicks “To ordering screen” in the lower part of the screen for confirming the purchased merchandise. Thus, the display screen of the terminal device 32 shifts to the ordering screen shown in FIG. 9. Note here that the price, etc. shown in the display screen of FIG. 8 or 9 is calculated by a billing unit 318 of the server 31.

As shown in FIG. 9, the purchasing merchandise information is displayed in the upper part of the ordering screen, and in the lower part of the screen the text “Please telephone the number below for confirmation of order and input your ID number for confirmation” is displayed together with the telephone number and the ID number for confirmation. This ID number for confirmation is determined by having a random number generating part 316 generate random numbers, and it is sent to the user's terminal device 32 together with the telephone number for confirming the ID number. Furthermore, the ID number for confirmation is also stored in an authentication information storage unit 314 in the server 31. Note here that the telephone number for confirming the ID number is the telephone number of the modem 34 connected to the server 31.

The user telephones the number displayed on the ordering screen by using the portable telephone 33. When the server 31 receives a telephone call from the portable telephone 33 by the modem 34, it obtains the telephone number of the portable telephone 33 from a calling telephone number notification service provided by a telephone network (not shown) and stores the obtained telephone number in the authentication information storage unit 314. When the telephone is connected to the server 31, the user inputs the ID number for confirmation displayed on the screen of the terminal device 32 by using the keys of the portable telephone 33.

The server 31 of the service provider confirms the content of the purchased merchandise based on the input ID number for confirmation. Furthermore, the server 31 plays a voice message requesting input of the credit card number and identification code, such as “Input your credit card number. After inputting the credit card number, push a # (sharp) key. Next, input your identification code. After inputting the identification code, push a # (sharp) key.”, to the portable telephone 33 via the modem 34. The user inputs the credit card number and the identification code from the portable telephone 33 in accordance with the voice message. These input data are sent to a credit information receiving unit 315 of the server 31 via the modem 34.

The authentication unit 317 of the server 31 inquires of the server 36 of the credit card issuing company (user management device) about the credit card number and identification code received by the credit information receiving unit 315. When there is no problem, the authentication unit 317 requests the portable telephone 33 to input the purchase price by a voice message: “Input the purchase price. After inputting the purchase price, push a # (sharp) key.”

Herein, the user inputs the total purchase price shown on the ordering screen (see FIG. 9) displayed on the terminal device 32 from the keys of the portable telephone 33. In the server 31 of the service provider, the billing unit 318 checks the price input from the portable telephone 33 against the price in the purchasing merchandise information, and if the prices agree with each other, the server 31 sends a voice message such as “Total price of the merchandise you have purchased is 5150 yen. We would charge it to your designated credit card” to the portable telephone 33 via the modem 34 and terminates the call.

The server 31 of the service provider instructs a distribution system (not shown in the drawing) to ship the ordered merchandise. Furthermore, the billing unit 318 of the server 31 sends a bill for the purchased merchandise, charged to the credit card designated by the user, to the server 36 of the credit card issuing company.

In this embodiment, the inquiry was carried out by using only the credit card number and identification code. However, if the server of the telephone company is also connected to the server 31 of the service provider as in the second embodiment, the authentication unit 317 can inquire about the name of the member of the credit card and the name of the holder of the telephone that sent the ID number for confirmation and confirm whether or not both agree with each other, thus enabling the user to be authenticated with higher certainty.

Furthermore, in this embodiment, the confirmation information such as the ID number for confirmation and credit card number was sent from the portable telephone 33 to the server 31. However, as explained in the second embodiment, this confirmation information and the purchase price may be sent by the user directly from the portable telephone 33 to the server 36.

Thus, according to this embodiment, since the user need not input the credit card number or identification code into the terminal device connected to the Internet, it is possible to shop on the Internet safely while maintaining high security. Furthermore, since the servers exchanging data such as the credit card number or identification code are connected via the private line, these secret data are not disclosed to a third person, thus enabling high safety to be secured.
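The confirmation flow of the second and third embodiments (random ID issued over the Internet path, ID and calling number received over the telephone path, agreement of the names seen on the two paths, then card and price checks), as an added simulation that is not part of the patent. The store contents, the `AuthenticationUnit` class and its method names, and the 300-second expiry are assumptions introduced here.

```python
import secrets
import time

CONFIRMATION_TTL = 300  # assumed lifetime of an ID number for confirmation, in seconds (the text sets none)
DIGITS = 6              # assumed length of the ID number for confirmation

# Constructed stand-ins for the stores the embodiments consult; contents are made up.
USER_INFO = {"user-001": {"name": "Yamada"}}                                # user information storage unit
TELCO_DIRECTORY = {"+81901234567": {"name": "Yamada", "address": "Tokyo"}}  # telephone company's server
CARD_ISSUER = {"4111111111111111": {"holder": "Yamada", "code": "1234"}}    # card issuing company's server


class AuthenticationUnit:
    """Server side of the flow: the ID goes out over the Internet path, comes back over the
    telephone path, and the identities seen on the two paths must agree."""

    def __init__(self, now=time.time):
        self.now = now        # injectable clock so expiry can be tested
        self.pending = {}     # issued ID -> order record (authentication information storage unit)
        self.confirmed = {}   # IDs that have passed the authentication step

    def issue_confirmation(self, user_id, price):
        """Confirmation information issuing step: generate a random ID, store it, and return it
        for display on the ordering screen next to the number to call."""
        conf_id = f"{secrets.randbelow(10 ** DIGITS):0{DIGITS}d}"
        while conf_id in self.pending:  # a duplicate would make the lookup on the call ambiguous
            conf_id = f"{secrets.randbelow(10 ** DIGITS):0{DIGITS}d}"
        self.pending[conf_id] = {"user_id": user_id, "price": price, "issued": self.now()}
        return conf_id

    def receive_call(self, caller_number, entered_id):
        """Authentication step of the second embodiment. caller_number comes from the calling
        number notification service, entered_id from the telephone keys. Returns (accepted, reason)."""
        record = self.pending.pop(entered_id, None)  # removed on first use: any failure below needs a fresh ID
        if record is None:
            return False, "unknown or already used confirmation ID"
        if self.now() - record["issued"] > CONFIRMATION_TTL:
            return False, "confirmation ID expired"
        subscriber = TELCO_DIRECTORY.get(caller_number)  # inquiry to the telephone company's user management device
        if subscriber is None:
            return False, "calling number not known to the telephone company"
        registered_name = USER_INFO[record["user_id"]]["name"]
        if registered_name != subscriber["name"]:  # first vs. second authentication requester information
            return False, "registered user name does not match the telephone subscriber"
        record["caller_number"] = caller_number
        self.confirmed[entered_id] = record
        return True, "authenticated"

    def charge_by_card(self, conf_id, card_number, code, entered_price):
        """Third embodiment, after the ID is confirmed: card number and code arrive over the telephone
        path only. Includes the variant at the end of that embodiment (card holder checked against
        the telephone subscriber) and the billing unit's comparison of the keyed price with the order."""
        record = self.confirmed.get(conf_id)
        if record is None:
            return False, "confirmation step not completed"
        card = CARD_ISSUER.get(card_number)  # inquiry to the card issuing company's user management device
        if card is None or card["code"] != code:
            return False, "card issuer rejected the card number or identification code"
        if card["holder"] != TELCO_DIRECTORY[record["caller_number"]]["name"]:
            return False, "card holder does not match the telephone subscriber"
        if entered_price != record["price"]:
            return False, "entered price does not match the order"
        del self.confirmed[conf_id]  # settled; the ID cannot be reused for another charge
        return True, f"charging {record['price']} yen to the designated card"
```

A call from a number the telephone company does not know consumes the ID, so the purchaser must return to the ordering screen for a new one; this is the fail-closed behaviour a practitioner would want at this step.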

INDUSTRIAL APPLICABILITY

According to the present invention, since the exchange of secret data such as a password between the user and the server is performed by using a communication means other than the Internet, it is possible to provide an on-line system capable of preventing wrongdoing such as impersonation in a simple way.

1. A method for authenticating a user by which a server device of a service provider authenticates a service user on a network, the method comprising: a confirmation information issuing step including receiving an authentication request from a first communication device of the service user, and then generating confirmation information to be replied to the first communication device; an authentication step of judging whether or not the confirmation information replied to the first communication device agrees with the confirmation information sent from the service user by a second communication device using a communication path that is different from a communication path of the first communication device; obtaining first authentication requester information about a service user who makes the authentication request based on information contained in the authentication request received from the first communication device; and obtaining second authentication requester information about the service user when receiving confirmation information from the second communication device and judging whether or not the first authentication requester information agrees with the second authentication requester information, wherein the first communication device is a computer connected to the server device of the service provider via the Internet, the second communication device is a telephone, the first authentication requester information is a user's name registered in advance in the server device by each service user, and the second authentication requester information is a user's name of the second communication device registered in a telephone company, wherein the second authentication requester information is obtained by performing an inquiry to a user management device of the telephone company providing the second communication device based on a telephone number of the second communication device obtained by a calling telephone number notification service provided by a telephone network.

2. The method for authenticating a user according to claim 1, wherein when it is judged that the first authentication requester information agrees with the second authentication requester information, a toll of a service used by the service user is collected from a service user's bank account from which telephone charges are drawn.

3. The method for authenticating a user according to claim 2, wherein the server device of the service provider sends the confirmation information replied in the confirmation information issuing step to a user management device of the telephone company and allows the user management device of the telephone company to execute the authentication step.

4. The method for authenticating a user according to claim 1, the method further comprising, in the authentication step, after it is judged that the confirmation information replied to the first communication device agrees with the confirmation information sent from the service user by the second communication device, a step of receiving credit card information of the service user from the second communication device and charging the service user based on the received credit card information.

5. A method for authenticating a user by which a server device of a service provider authenticates a service user on a network, the method comprising: a confirmation information issuing step including receiving an authentication request from a first communication device of the service user, and then generating confirmation information to be replied to the first communication device; an authentication step of judging whether or not the confirmation information replied to the first communication device agrees with the confirmation information sent from the service user by a second communication device using a communication path that is different from a communication path of the first communication device; in the authentication step, after it is judged that the confirmation information replied to the first communication device agrees with the confirmation information sent from the service user by the second communication device, receiving credit card information of the service user from the second communication device and charging the service user based on the received credit card information; obtaining a telephone number of the second communication device from a calling telephone number notification service provided by a telephone network; obtaining a user's name of the second communication device from a user management device of a telephone company based on the obtained telephone number; and judging whether or not a user's name of the credit card obtained from the user management device of the credit card company agrees with a user's name of the second communication device obtained by the user management device of the telephone company, wherein the first communication device is a computer connected to the server device of the service provider via the Internet, and the second communication device is a telephone.

6. An authentication device comprising: an external connection unit for receiving an authentication request from a first communication device of a service user, a confirmation information generating unit for generating confirmation information to be replied to the first communication device, a confirmation information storage unit for storing the confirmation information replied to the first communication device, a confirmation information receiving unit for receiving the confirmation information sent by the service user from a second communication device using a communication path that is different from a communication path of the first communication device, an authentication unit for judging whether or not the confirmation information received by the confirmation information receiving unit agrees with the confirmation information stored in the confirmation information storage unit, a first authentication requester information obtaining unit for obtaining first authentication requester information about the service user who makes the authentication request based on the information contained in the authentication request received from the first communication device, a second authentication requester information obtaining unit for obtaining second authentication requester information about the service user when receiving the confirmation information from the second communication device, a first authentication requester information registering unit for storing a name of each service user as the first authentication requester information, and the second authentication requester information is the name of the user of the second communication device registered in a telephone company, and the second authentication requester information obtaining unit obtains a user's name from the user management device of the telephone company, wherein the authentication unit also judges whether or not the first authentication requester information agrees with the second authentication requester information; wherein the first communication device is a computer connected to a server device of a service provider via the Internet, and the second communication device is a telephone; and wherein the second authentication requester information obtaining unit obtains a telephone number of the second communication device from a calling telephone number notification service provided by a telephone network and performs an inquiry to the user management device of the telephone company based on the obtained telephone number, thereby obtaining the second authentication requester information.

7. The user authentication device according to claim 6, the user authentication device further comprising: a credit information receiving unit for receiving credit card information of the service user from the second communication device, and a billing unit for charging the service user based on the credit card information received by the credit information receiving unit after it is judged, in the authentication step, that the confirmation information replied to the first communication device agrees with the confirmation information sent from the service user by the second communication device.

8. An authentication device comprising: an external connection unit for receiving an authentication request from a first communication device of a service user, a confirmation information generating unit for generating confirmation information to be replied to the first communication device, a confirmation information storage unit for storing the confirmation information replied to the first communication device, a confirmation information receiving unit for receiving the confirmation information sent by the service user from a second communication device using a communication path that is different from a communication path of the first communication device, an authentication unit for judging whether or not the confirmation information received by the confirmation information receiving unit agrees with the confirmation information stored in the confirmation information storage unit, a credit information receiving unit for receiving credit card information of the service user from the second communication device, a billing unit for charging the service user based on the credit card information received by the credit information receiving unit after it is judged, in the authentication step, that the confirmation information replied to the first communication device agrees with the confirmation information sent from the service user by the second communication device, a telephone number obtaining unit for obtaining a telephone number of the second communication device from a calling telephone number notification service provided by a telephone network, and a user's name obtaining unit for obtaining a name of the user of the second communication device from a user management device of a telephone company based on the obtained telephone number, wherein the first communication device is a computer connected to a server device of a service provider via the Internet and the second communication device is a telephone; and wherein the authentication unit judges whether or not the user's name of the credit card obtained from the user management device of a credit card company agrees with the user's name of the second communication device obtained from the user management device of the telephone company.